wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Redirect to 2FA selection screen

Browse source 
Apps like 'rainloop' use \OCP\Util::isLoggedIn() to check whether the
current request is authenticated. Since we redirected to the index
page before, it resulted in an infinite redirection loop. This change
sets the redirection URL to the 2FA selection page, which is the only
allowed page in that authentication state.

Fixes https://github.com/nextcloud/server/issues/3702

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
Christoph Wurst 2017-04-03 14:29:24 +02:00
parent 455542d306
commit a7cc8c86ab
No known key found for this signature in database
GPG key ID: CC42AC2A7F0E56D8
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/private/legacy/util.php
View file

@ -981,9 +981,9 @@ class OC_Util {
);
exit();
}
// Redirect to index page if 2FA challenge was not solved yet
// Redirect to 2FA challenge selection if 2FA challenge was not solved yet
if (\OC::$server->getTwoFactorAuthManager()->needsSecondFactor(\OC::$server->getUserSession()->getUser())) {
header('Location: ' . \OCP\Util::linkToAbsolute('', 'index.php'));
header('Location: ' . \OC::$server->getURLGenerator()->linkToRoute('core.TwoFactorChallenge.selectChallenge'));
exit();
}
}